Update a logged-in member’s profile from the widget. Identity fields — phone, email, and the POI customer-id (UDF) — are intentionally not editable here; only ordinary profile fields are. This keeps a shopper from re-pointing their account to someone else’s storefront identity or contact.
TL;DR —
PATCH /api/v1/members/:poiIdaccepts an allowlist of profile fields. Phone is forced from the session, the customer-id UDF is never writable, and email can only be added once — never overwritten.
1. Endpoint
PATCH {BASE_URL}/api/v1/members/:poiId
Authorization: Bearer <session token>
Send a partial member object. Only allowlisted keys reach Simply Club; anything else is dropped server-side (no error — silently ignored).
2. What you can edit
| Field | Notes |
|---|---|
first_name, last_name (or fullName) | |
birthday, wedding_day | DD/MM/YYYY |
personal_id | |
marketing consent — if_send_sms, if_send_email, marketingOptIn |
3. What you can’t edit (and why)
| Field | Rule |
|---|---|
| phone | Forced from the authenticated session. Changing it needs a fresh OTP. |
| customer-id (UDF) | Never client-writable — prevents claiming another shopper’s storefront identity. |
| Cannot be overwritten. Can be added once when empty — see §4. |
4. Email is write-once
Email is not an identity/lookup key (Simply Club identity is phone-only) — but it can be stored as contact info. It is accepted only when both hold:
- the member has no email yet, and
- no other member already uses that address.
A same-value resend is a no-op. Changing an existing email is rejected — that needs a verified email-change flow, which is not yet available.
5. Error codes
| HTTP | Code | Meaning |
|---|---|---|
| 400 | INVALID_EMAIL | Email is malformed. |
| 400 | EMAIL_TAKEN | Another member already uses this email. |
| 400 | EMAIL_CHANGE_FORBIDDEN | The member already has a different email; changing it here is not allowed. |
| 400 | MEMBER_LOAD_FAILED | The session’s member could not be loaded — retry. |
Related: Fast Login · Login From Backend